Security for Everyone - Reviewing ZoneAlarm Internet Security Suite 2012
Check Point, the company behind ZoneAlarm, has aggressively pursued Internet security since 1993. In 2004 the acquisition of ZoneAlarm allowed protection against virus and spyware threats to share the spotlight with the very well received Check Point firewall. ZoneAlarm was last reviewed on 7 Tutorials with version 2010 and missed the Grandma rating due largely to cumbersome or complicated configuration issues. In this review we will see where ZoneAlarm Internet Security Suite 2012 has taken us.
ZoneAlarm provides a 30 day trial in the form of a quick pre-installer download. There are no requirements to access the trial and setup begins with little effort. The install process does require basic registration, where only an email address and name are required. During the install you have the option to perform a preliminary boot sector and memory scan (recommended). You will also find an option to install the ZoneAlarm Security toolbar. The default setting is to install the toolbar. With the download and setup complete you are presented with a very minimal main ZoneAlarm interface.
ZoneAlarm handles ending the Windows Firewall for you but does not end the native Windows Defender service. A quick look at the ZoneAlarm services and processes finds them well protected. Each attempt at ending these jobs, thus compromising security, was denied.
ZoneAlarm leaves a good initial impression. It has proven to be light and unassuming while running quietly in the system tray. The only prompt seen has been for the initial update, which was performed shortly after the setup completed. In the following section we will spend some time looking at how easy or difficult ZoneAlarm Internet Security Suite 2012 is to use and configure.
Ease of Use and Configuration
The main ZoneAlarm interface breaks your areas of configuration into three separate sections: Computer, Internet plus Identity & Data. The Computer section is where you will find configuration options for the firewall, scanning and application control. In the Internet section you will find a few options related to browser security and parental controls. Finally, the Identity and Data section is where you can define settings related to protecting your identity.
We will be spending most of our time in the Computer section. In this section you will find a simple toggle switch for turning on or off the various services. In addition, there is a bit of activity related information such as the number of files scanned and threats identified. For network related threats, the firewall section displays the number of access attempts blocked. Each of these basic statistics is in the form of a link to more detailed information. Each section also includes a link to its individual settings and a few standard functions such as identifying firewall zones and initiating a scan or update.
Working from the top down, you will find a link to view the firewall zones. I always appreciate when a firewall solution includes zones as part of the user definable configuration. When implemented properly, this single feature can go a long way toward improving your security by enabling you to actively switch between zones based on the type of Internet connection you are using (Public or Trusted). ZoneAlarm handles this function well by making it easy for you to see the currently applied zone and make any necessary edits.
You can adjust the type of protection associated with a zone by accessing the firewall settings. Here you can set the Public or Trusted zones to off, medium or high. You can find more advanced firewall settings in the, you guessed it, Advanced Settings section. The advanced firewall settings allow you to define some additional network behavior and choose how ZoneAlarm should handle newly identified networks by placing them in an appropriate zone.
From the scan settings you can update several of the more popular options such as how files and downloads should be scanned, how a scan schedule should be set, when updates should be performed and several more. ZoneAlarm displays these options in an easy to understand format with a simple link which allows you to make any applicable changes. You may also access the quarantine from this area and easily restore an item.
Speaking of the quarantine, ZoneAlarm includes a unique option here. When antivirus updates are applied the default setting is to rescan those items in quarantine and automatically restore them if they are found to be safe. I find this to be a well thought out option, one that places a positive emphasis on the user experience.
In addition to those items previously mentioned, you can define different types of manual scans, identify exceptions and choose whether more advanced options are enabled such as heuristic and riskware scanning.
ZoneAlarm is also one of the few suites of late to take the pre-scheduling of tasks seriously. This is another nod toward a good user experience. The pre-defined tasks include weekly, monthly and even yearly scheduled scans.
Another rather exhaustive area of configuration can be found in the area of Application Control. In this section you can manage how applications interact with the network. You can control inbound and outbound access and set when you should be shown an access prompt or notification. ZoneAlarm does not stop at application control. If you choose to enable it, you can control applications and processes at the component or service level. This is quite powerful and it is clearly understandable why it would be disabled by default. However, if you spend some time reviewing the help text you may become comfortable with limiting activity at the DLL or ActiveX level.
A couple more configuration options worth noting are found in the Internet and Identity & Data sections. In the Internet section you can adjust a handful of settings (all enabled by default) such as enabling site status check and scanning downloads for malware. Where Identity & Data protection is concerned, you can set ZoneAlarm to monitor for values such as credit card numbers and street addresses.
ZoneAlarm Internet Security Suite 2012 has proven to be quite simple to navigate and configure. The settings are easy to understand and thorough enough to satisfy most users. The novices among us will certainly feel ZoneAlarm is working with them and not against them.
ZoneAlarm has wrapped several advanced options into their firewall offering. This is to be expected, considering the strength and history of the Check Point firewall.
In the settings you can define just how the different zones (Public, Trusted) should behave. You also have the opportunity to set some pretty advanced rules where you can define certain methods of communications between source and destination systems. ZoneAlarm even allows you to group rules together and set time restrictions on when rules in a group might be executed.
You will also find good logging built into the firewall; however, the responsiveness of the logs left a bit to be desired. You do have full control over how long information should be retained and where this information should be stored.
When reviewing any firewall, I like to spend some time intrusively scanning the test system. To get this done I use the Nmap utility. When I performed the scan tests, the results left me rather perplexed. I fully expected to find a system that may err more on the locked down side than not. What I found was quite the opposite. Scanning the system in both Trusted and Public zones did produce different results but only marginally. It appears the Public zone simply blocks the broadcast of NetBIOS information such as computer name and workgroup data, but does not block any more ports than the Trusted zone does. This was easily confirmed when reviewing the zone setting. The Public zone is set to block incoming NetBIOS requests while the Trusted is not. This is the only difference between zones. In each zone there were 13 open ports identified, which places the ZoneAlarm firewall in a decidedly average, if not below average, position. Thankfully, a follow-up scan with the Nessus utility found none of the open ports critical to system security.
ZoneAlarm provides all the settings and options to make their firewall quite hearty. It is easy to adjust what information should be blocked or allowed for the Public and Trusted zones. This is especially helpful when you consider that making adjustments to the zones is something that should definitely be done. Unfortunately, this will likely require more knowledge than the novice will have, therefore making the default firewall configuration less than desirable.
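The Trusted-versus-Public comparison from the Nmap test above can be made repeatable by saving each scan as Nmap XML and diffing the open ports. The script below is an added example, not part of the original review; the two XML samples are constructed for illustration and are not the review's scan data, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples in Nmap's XML output format; NOT the review's scan results.
TRUSTED_XML = """<nmaprun><host><ports>
<port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
<port protocol="tcp" portid="5357"><state state="open"/><service name="wsdapi"/></port>
<port protocol="udp" portid="137"><state state="open"/><service name="netbios-ns"/></port>
<port protocol="tcp" portid="3389"><state state="filtered"/></port>
</ports></host></nmaprun>"""
PUBLIC_XML = TRUSTED_XML.replace(
    'portid="137"><state state="open"/>', 'portid="137"><state state="filtered"/>')


def open_ports(xml_text):
    """Return {(protocol, port): service} for ports Nmap reported as open."""
    found = {}
    for port in ET.fromstring(xml_text).iter("port"):
        state = port.find("state")
        if state is None or state.get("state") != "open":
            continue  # skip closed and filtered ports
        svc = port.find("service")
        name = svc.get("name", "unknown") if svc is not None else "unknown"
        found[(port.get("protocol"), int(port.get("portid")))] = name
    return found


def compare_zones(trusted_xml, public_xml):
    """Diff the open ports seen under the Trusted and Public zone scans."""
    trusted, public = open_ports(trusted_xml), open_ports(public_xml)
    return {
        "closed_in_public": sorted(set(trusted) - set(public)),
        "opened_in_public": sorted(set(public) - set(trusted)),
        "open_in_both": sorted(set(trusted) & set(public)),
    }


def public_is_stricter(diff):
    """True only if Public closes something and opens nothing extra."""
    return bool(diff["closed_in_public"]) and not diff["opened_in_public"]


if __name__ == "__main__":
    diff = compare_zones(TRUSTED_XML, PUBLIC_XML)
    for key, ports in diff.items():
        print(key, ports)
    print("public stricter:", public_is_stricter(diff))
```

Ports listed under `open_in_both` are the ones still reachable on an untrusted network and are the candidates for tightening in the Public zone settings.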
Antivirus and Antispyware Features
ZoneAlarm continues to utilize the Kaspersky antivirus engine, which should bode well considering how strong Kaspersky has traditionally been in this market.
As with the firewall offering, you will find good logging options where scanning activity is concerned. Also like the firewall offering you will find the log responsiveness to be somewhat lacking. Once the logs do populate, you will find a wealth of information that could prove helpful if you have a particularly nasty bug recurring.
The scanning options include all the standard fare, most of which were mentioned in the Ease of Use and Configuration section above. In addition to basic scanning options you will notice a section dedicated to behavioral scanning. This section focuses on the behavior of file and system activity. This area is especially designed to identify suspicious activity of the sort that might identify a worm or rootkit based threat.
I found ZoneAlarm does a very good job of dealing with files downloaded from the Internet. Each download is scanned and checked against a database of known safe programs. If your download is not found in the safe list, an appropriate message is displayed asking for your confirmation and acceptance of the file. At this point you can choose to save or run the application. If a file is found to be malicious, you can take the recommended action of deleting the file or continue with the normal set of tasks and save or open the file.
In the case of the malicious file above, I chose to continue and was able to unzip and extract the malicious executable. When I tried to run the executable, ZoneAlarm quickly intervened by blocking the application and quarantining the file.
I also planted several malicious files before installing ZoneAlarm. Each file was identified and dealt with appropriately. It seems the Kaspersky engine is alive and well in the ZoneAlarm implementation.
When reviewing a scanning solution, I like to take the battle to the browser. ZoneAlarm did not disappoint in this regard either. Each attempt to visit a malicious site resulted in the web browser control warning me of impending doom were I to continue. I should mention the toolbar did add about 2 seconds to the time required to load the browser. A small, but noticeable, price to pay for effective protection.
ZoneAlarm has put together a very effective antivirus and antispyware solution. The associated options are plentiful and the protection provided is quite strong. There are a few areas that appear sluggish, particularly when reviewing logs, but nothing so poor that your overall experience would be tainted. Well done ZoneAlarm!
The ZoneAlarm interface has shown considerable improvement since last reviewed here on 7 Tutorials. The configuration should be easy for a novice to grab hold of and understand. Antivirus scanning and effectiveness appear top-notch and scanning is even scheduled properly to keep your system safe from undesirables. The firewall is the single area where ZoneAlarm could make some real improvements to the default configuration. Despite this oversight, I believe ZoneAlarm Internet Security Suite 2012 has earned the "BUY for Everyone!" standing and can be considered a security solution for everyone.